Another week, another Cisco-security-kit-needs-a-patch story

Probing last week's ASA and Firepower flaws found another DDOS to deter

By Richard Chirgwin

Posted in Networks, 6th February 2018 03:03 GMT

Cisco's again asked owners of Adaptive Security Appliances or Firepower Threat Defense Software to patch, after it turned up a new DDOS problem that the previous patches didn't address.

Owners of such kit were in patch-fast mode last week after Switchzilla revealed a “crafted XML attack” that exposed webvpn's interface to the 'net, permitting denial of service or remote code execution.

Now Cisco has revealed that its investigation of those problems turned up a further DoS vector.

Omar Santos, a principal engineer in Cisco's Product Security Incident Response Team, wrote that, working with NCC Group's Cedric Halbronn (who filed the original bug report), it was “found that the original list of fixed releases published in the security advisory were later found to be vulnerable to additional denial of service conditions”.

Santos added a quick diagnostic for anybody wanting to know whether their configuration is vulnerable: the listening SSL or DTLS socket will show up in the output of the command show asp table socket | grep SSL|DTLS:

The presence of an SSL or DTLS listen socket on any TCP port indicates vulnerability.

Since IKEv2 configurations are also vulnerable, checking for that as well seems prudent.
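As an added example (not from the article, Cisco or NCC Group), the following Python script applies the same SSL/DTLS listen-socket test to saved "show asp table socket" output collected from several devices, so a fleet can be triaged in one pass. The column layout and the two device outputs are constructed for the example and should be checked against real output.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of "show asp table socket" output from two devices.
# The column layout (Protocol, Socket, State, Local Address, Foreign Address)
# is an assumption for this example; compare it with your own device output.
SAMPLE_OUTPUTS = {
    "asa-edge-1": """\
Protocol  Socket    State      Local Address         Foreign Address
SSL       00026a48  LISTEN     0.0.0.0:443           0.0.0.0:*
DTLS      00029b10  LISTEN     0.0.0.0:443           0.0.0.0:*
TCP       0002c3f0  LISTEN     192.0.2.1:22          0.0.0.0:*
""",
    "asa-lab-2": """\
Protocol  Socket    State      Local Address         Foreign Address
TCP       0001aa20  LISTEN     192.0.2.9:22          0.0.0.0:*
TCP       0001ab44  ESTAB      192.0.2.9:22          198.51.100.7:51012
""",
}

# Only a *listening* SSL or DTLS socket matters, per the criterion quoted above;
# established sessions and plain TCP listeners are ignored.
LISTEN_RE = re.compile(
    r"^(?P<proto>SSL|DTLS)\s+\S+\s+LISTEN\s+(?P<local>\S+)", re.MULTILINE)


def vulnerable_listeners(output: str) -> List[Tuple[str, str, int]]:
    """Return (protocol, address, port) for each SSL/DTLS socket in LISTEN state."""
    found = []
    for m in LISTEN_RE.finditer(output):
        # rpartition keeps IPv6 literals such as [::]:443 intact
        addr, _, port = m.group("local").rpartition(":")
        found.append((m.group("proto"), addr, int(port)))
    return found


def triage(outputs: Dict[str, str]) -> Dict[str, List[Tuple[str, str, int]]]:
    """Map each device name to its exposed listeners (empty list = not exposed)."""
    return {name: vulnerable_listeners(text) for name, text in outputs.items()}


if __name__ == "__main__":
    for device, hits in triage(SAMPLE_OUTPUTS).items():
        status = "PATCH NEEDED" if hits else "no SSL/DTLS listener"
        print(f"{device}: {status} {hits if hits else ''}".rstrip())
```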

The new patch is available at Cisco's updated advisory.

If you want complete understanding of the bug, NCC Group has put together a 120-page presentation [PDF] for Recon Brussels. ®
